StartSSL – NGINX SSL

A website needs HTTPS enabled to serve its traffic securely. This short tutorial lists the steps necessary to secure an NGINX server with a free Class 1 certificate from StartSSL.

Assumptions:

1. You have a server running NGINX
2. You have already set up a free account with StartSSL
3. You have validated your domain with StartSSL

Prep Work:

Download the StartSSL CA Certificate using wget:
wget https://www.startssl.com/certs/ca.pem

Download the StartSSL Intermediate CA Certificate using wget:
wget https://www.startssl.com/certs/sub.class1.server.ca.pem

Create a unified CA Certificate file:
cat sub.class1.server.ca.pem >> ca.pem

Private key and Website Certificate

Use the StartSSL™ Control Panel to create a private key and certificate and transfer them to your server.

My naming convention:
Private key: website.com.original.key
Certificate: website.com.crt

Then execute the following steps:

Decrypt the private key by using the password you entered when you created your key:
openssl rsa -in website.com.original.key -out website.com.key

Secure your key so that only its owner can read it (the decrypted key is no longer protected by a password):
chmod 600 website.com.key

Create a single file containing your signed certificate and the StartSSL CA certificates for Nginx:

cat website.com.crt ca.pem > website.com.unified.crt

Configure your nginx server to use the new key and certificate (in the global settings or a server section):

ssl on;
ssl_certificate /etc/nginx/conf/website.com.unified.crt;
ssl_certificate_key /etc/nginx/conf/website.com.key;

Reload nginx config or restart the service.
And you’re done!
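
Before reloading, it is worth confirming that the files built above fit together. The script below is an added example, not part of the original tutorial: it checks the key's permissions, that the key is really decrypted, that it matches the first certificate in the unified file, and that the CA certificates in that file chain to a root. It assumes openssl is installed; the function name check_tls_files is made up for this example.

```shell
#!/bin/sh
# Added example: checks to run before reloading nginx. The key and the unified
# certificate file (named as in the article) are passed as arguments.

# check_tls_files KEY UNIFIED_CRT
# Returns 0 when every check passes, 1 otherwise; prints one line per failure.
check_tls_files() {
    key=$1; bundle=$2; rc=0

    # 1. After "chmod 600" only the owner may read or write the decrypted key.
    perms=$(ls -ld "$key" 2>/dev/null | cut -c1-10)
    [ "$perms" = "-rw-------" ] ||
        { echo "FAIL: $key permissions are '$perms', expected -rw-------"; rc=1; }

    # 2. The key must load without its passphrase. A dummy passphrase is
    #    supplied so that openssl fails on an encrypted key instead of prompting.
    openssl pkey -in "$key" -passin pass:x -noout 2>/dev/null ||
        { echo "FAIL: $key is missing, unreadable or still encrypted"; rc=1; }

    # 3. The first certificate in the unified file is the site certificate;
    #    its public key must be the one derived from the private key.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass:x -pubout 2>/dev/null)
    { [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
        { echo "FAIL: first certificate in $bundle does not match $key"; rc=1; }

    # 4. The CA certificates in the same file must link the site certificate
    #    to a self-signed root. "openssl verify" reads only the first
    #    certificate of its file argument, so the file is checked against
    #    itself. This tests that the file is complete, not that clients
    #    trust the root.
    openssl verify -CAfile "$bundle" "$bundle" >/dev/null 2>&1 ||
        { echo "FAIL: $bundle does not chain up to a root certificate"; rc=1; }

    return $rc
}

# Run as: sh check.sh website.com.key website.com.unified.crt
if [ $# -eq 2 ]; then
    check_tls_files "$1" "$2" && echo "OK: key and certificate file are consistent"
fi
```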
